Shadow IT is sabotaging your business—here’s how to stop it

Beneath your company’s network of enterprise systems and approved apps, there’s a seedy underbelly that’s putting your organisation at risk. Known as “shadow IT,” it’s composed of all the unapproved apps and devices employees use behind your back at work. And it’s happening more than you realise.

The rise of personal devices in the workplace, combined with the recent explosion in software-as-a-service (SaaS), has caused unauthorised apps to spread like wildfire, spinning out of IT’s control. Despite BYOD policies restricting software use to a handful of approved apps, more than 64 per cent of employees ignore the rules and use the apps of their choice anyway.

“As mobile app usage continues to grow, apps themselves are putting corporate data in jeopardy,” says Symantec. “Increasingly, the apps that employees use are not issued by the IT organisation, which means IT personnel cannot ensure they come from trusted developers.”

Unfortunately, this opens the door to an “outflow of unprotected company data” that IT professionals have no way to secure, adds technology expert Ty Rollin. To combat the risks posed by shadow IT, enterprises need to find new ways to get employees the apps they need to combat the use of alternative applications which put security at risk.

The rising threat of grayware

Employees tend to be unaware of security risks of third party apps both on their desktops and mobile devices. Most are installed with little to no consideration of their potential dangers.

At least a third of all apps are grayware, or apps that walk the line between legitimate software and malware. Even when they’re not intentionally malicious, they put corporations at risk by collecting sensitive data—often for practical reasons—without keeping it secure.

“This risky behaviour can leave both sensitive corporate and personal data open to being stolen and used immediately, stored for future use, or sold into a thriving black market where compromised corporate and personal identities are traded globally,” says Threat Intelligence Times.

More than 25 per cent of enterprises have accidentally leaked sensitive data through unapproved use of desktop favourites like Google Apps and 24 per cent have had their files accessed by unauthorised users on Dropbox. Evernote, which has more than 25 million U.S. users, is another popular app used by professionals—despite the fact that everything you put into it gets stored, unencrypted, on the app’s servers.

The potential for disaster has prompted IT experts to call grayware one of the most pervasive threats in mobile security. Business leaders have responded by trying to clamp down on the use of unauthorised apps, but to no avail. Around a third of companies plan on developing enterprise app stores to nudge employees toward corporate-approved apps. Yet shadow IT continues to proliferate.

Why employees go rogue

Two-thirds of employees say they understand the serious cyber-security risks of their behaviour, yet one in four admit to doing it anyway. Why? Because the enterprise apps that employers provide are letting them down.

Google Apps are used without IT approval in 40 per cent of enterprises… and 27 per cent have leaked sensitive data. Similar stats are true of Dropbox as well.

About 43 per cent of mobile workers are unimpressed with corporate apps, due to slow load times, clunky interfaces, and other frustrating limitations that often send them running back to the computer to finish their work.

Eight in 10 business professionals who admit to using SaaS apps at work without IT approval.

More than a third of employees believe the only way they can work efficiently is by subverting a security measure or protocol.

At the end of the day, employees feel that the business value in using rogue apps outweighs the potential risks.

The key to defeating shadow IT

“It’s clear that employee satisfaction with corporate mobile apps is falling short,” says technology strategist Scott Snyder. The same goes for other enterprise software. So how can enterprises prevent sensitive data from leaking out through unsecure apps? Simple: Build an enterprise app that’s better than anything else out there. If employees love it, they’ll want to use it.

“To ensure greater app engagement—and reduce the privacy and security risks associated with rogue app usage—enterprises must adopt the same best practices as they do for customer-facing apps,” Snyder says.

This means designing apps that are:

Effective. First and foremost, enterprise software must meet employees’ needs and solve their problems.

Simple. Include only the most vital information and features for getting work done.

Personalised. Provide personalised information and tasks for each employee so they don’t spend time searching for relevant content.

Easy to navigate. At least 97 per cent of employees say ease of use is the main factor in choosing which apps to use at work.

Adaptable. Today’s employees expect enterprise apps that adapt to their behaviour as well as whatever device they’re using.

Omnichannel: Being able to utilise an app on your desktop and mobile device is essential, as most employees utilise both to get the job done.

TripIt is a great example of a consumer app that can serve as a model for enterprise software. It pulls together all of your travel information—including flight confirmations, hotel reservations, rental cars and event bookings—and merges it into a single itinerary. Users simply forward their confirmation emails, from the various travel sites, to the app and let it do the rest. It’s streamlined, convenient, and includes all of the information and features users want, which is why more than 13 million travellers use it worldwide.

Using consumer apps as a model, companies can replace their rejected enterprise software with secure alternatives that help get the job done. Once you have an app employees love using, shadow IT will dissipate on its own.